Tagged Questions

Cipher block chaining (CBC) is a method for encrypting large amounts of data with a block cipher that can only encrypt fixed-length plaintexts. When used with an unpredictable initialization vector (IV), it is secure against chosen-plaintext attacks (CPA-secure).

SSL 3.0 and TLS 1.0 used an insecure scheme to generate implicit IVs when encrypting records in CBC mode: they used the last part of the previous record, a value that can be predicted by the attacker. ...

Mainly I'm trying to understand how to correctly create the Key and IV for use with the .NET Implementation of AES (AesManaged class).
This encryption code will be used in conjunction with existing ...

I need to store several million Payment Card Numbers (PCNs) securely in a mainframe database (that is, 'at rest'). I assume that any attacker will have access to all of the stored data.
I assume the ...

Why is it necessary to use a sufficiently long block size when implementing a CBC block cipher with a truly random initialization vector? In ECB mode it's easy to get information about the message if ...

Is CBC with Ciphertext Stealing (CTS) considerably weaker than CBC with padding such as PKCS7?
I would imagine the most common situation where CTS is necessary would be due to some size constraint of ...

I am attempting to duplicate wireshark's packet capture decryption for a TLS HTTP session, where I control the private key of the server.
The cipher suite number is 0x00002f, TLS_RSA_AES_128_CBC_SHA
...

I was not able to understand why we practically need CPA security in Cipher Block Chaining (which insists on having a random IV). Let's say the encryption is not CPA secure, i.e., the adversary can ...

I have a need to encrypt credentials for a third-party app used by a secured internal app. Over on ITSec.SE, I was helpfully shown a scheme to encrypt the third-party credentials based on a hash of ...

I want to encrypt a small piece of data that is less than 16 bytes in size (think SSN), and I'll be using a 256-bit encryption key. The typical suggestion is to never use ECB, but if there is just a ...

A "practical attack against XML's cipher block chaining (CBC) mode" has been demonstrated:
XML Encryption Flaw Leaves Web Services Vulnerable.
Does this weakness of CBC-mode which is used here also ...

I am encrypting files for storage in an untrusted location, using a custom Java program to do that. There is only one user, but there are many files.
I am using AES in CBC mode with PKCS5 padding, and ...

I'm trying to figure out when an Initialization Vector (IV) should be used.
There are anecdotal reports that WEP was broken because of weak IVs. It's also claimed that if two pieces of plaintext are ...

I'm trying to brute force a 3DES problem given a reduced keyspace (i.e., I know the first half of the key) but with an unknown IV. The code decrypts to plaintext. My first thought was that I could set ...

I recently was "directed" to FlipsCloud, a company selling security solutions (as far as I can tell).
In particular I've investigated their page and found a page on their "encryption features".
This ...

I'm doing a code review for a crypto solution that reuses the same key with a constant IV. I want to demonstrate that this is not the right way to do things by figuring out the key and decrypting all ...

In my cryptography class, the instructor suggested that in order to give the attacker a minimal advantage of $1/2^{32}$, we have to change the key after $2^{48}$ blocks are encrypted.
It seems that ...

Theoretically, when using a symmetric block cipher in CBC mode, the current block is dependent on the previous block. Suppose one plaintext is encrypted using CBC, and then one bit of it is changed, ...

I've implemented this algorithm, which, working from the end of the message backwards, creates a valid CBC ciphertext from any plaintext, using the block cipher's decryption operation instead of the ...

I use AES both CBC and CBC-MAC to encrypt some stuff. I generate one key for CBC and one different key for CBC-MAC.
Does the second key (for CBC-MAC) need to be secret?
How to join such key with the ...

I'm currently working with a secure transport protocol that defines the IV to be a counter (incremental nonce) to be encrypted with the same key. This is a followup to a protocol that did not provide ...

I have a hypothetical encryption scheme where somebody uses the one-time pad in CBC mode. That is, the block cipher is $E(k, m) :=k⊕m$, and that block cipher is used in CBC mode.
Now, I am assuming ...